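A Comprehensive ASP Anti-Hotlinking Example

<%
' Hotlink check: compare the Referer host with this server's name.
' Mid(..., 8, ...) skips the 7 characters of "http://", so an https:// Referer
' never matches, and only the first Len(server_v2) characters are compared.
Dim server_v1, server_v2
server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))
If Mid(server_v1, 8, Len(server_v2)) <> server_v2 Then
    Response.Write "非法的盗链"   ' "Illegal hotlink"
    Response.End
End If

Dim url, body, myCache
' url comes straight from the query string; the server fetches whatever it names.
url = Request.QueryString("url")
Set myCache = New Cache
myCache.name = "picindex" & url
On Error Resume Next   ' needed so that Err.Number below reflects a failed fetch
If myCache.valid Then
    body = myCache.value
Else
    body = GetWebData(url)
    myCache.add body, DateAdd("d", 1, Now)
End If

If Err.Number = 0 Then
    Response.CharSet = "UTF-8"
    Response.ContentType = "application/octet-stream"
    Response.BinaryWrite body
    Response.Flush
Else
    Response.Write Err.Description   ' WScript.Echo is not available in ASP
End If

' Fetch the data
Public Function GetWebData(ByVal strUrl)
    Dim curlpath
    curlpath = Mid(strUrl, 1, InStr(8, strUrl, "/"))
    Dim Retrieval
    Set Retrieval = Server.CreateObject("Microsoft.XMLHTTP")
    With Retrieval
        .Open "Get", strUrl, False, "", ""
        ' Send the target site's own root as the Referer
        .setRequestHeader "Referer", curlpath
        .Send
        GetWebData = .ResponseBody
    End With
    Set Retrieval = Nothing
End Function

' Cache class
Class Cache
    Private obj              ' cached content
    Private expireTime       ' expiry time
    Private expireTimeName   ' Application key for the expiry time
    Private cacheName        ' Application key for the cached content
    Private path             ' url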

    Private Sub Class_Initialize()
        path = Request.ServerVariables("url")
        path = Left(path, InStrRev(path, "/"))
    End Sub

    Private Sub Class_Terminate()
    End Sub

    Public Property Get blEmpty   ' is the cache empty?
        If IsEmpty(obj) Then
            blEmpty = True
        Else
            blEmpty = False
        End If
    End Property

    Public Property Get valid   ' is the entry usable (not expired)?
        If IsEmpty(obj) Or Not IsDate(expireTime) Then
            valid = False
        ElseIf CDate(expireTime) < Now Then
            valid = False
        Else
            valid = True
        End If
    End Property

    Public Property Let name(str)   ' set the cache name
        cacheName = str & path
        obj = Application(cacheName)
        expireTimeName = str & "expires" & path
        expireTime = Application(expireTimeName)
    End Property

    Public Property Let expires(tm)   ' reset the expiry time
        expireTime = tm
        Application.Lock
        Application(expireTimeName) = expireTime
        Application.Unlock
    End Property

    Public Sub add(var, expire)   ' store a value
        If IsEmpty(var) Or Not IsDate(expire) Then
            Exit Sub
        End If
        obj = var
        expireTime = expire
        Application.Lock
        Application(cacheName) = obj
        Application(expireTimeName) = expireTime
        Application.Unlock
    End Sub

    Public Property Get value   ' read the value
        If IsEmpty(obj) Or Not IsDate(expireTime) Then
            value = Null
        ElseIf CDate(expireTime) < Now Then
            value = Null
        Else
            value = obj
        End If
    End Property

    Public Sub makeEmpty()   ' release the Application entries
        Application.Lock
        Application(cacheName) = Empty
        Application(expireTimeName) = Empty
        Application.Unlock
        obj = Empty
        expireTime = Empty
    End Sub

    Public Function equal(var2)   ' compare
        If TypeName(obj) <> TypeName(var2) Then
            equal = False
        ElseIf TypeName(obj) = "Object" Then
            If obj Is var2 Then
                equal = True
            Else
                equal = False
            End If
        ElseIf TypeName(obj) = "Variant()" Then
            If Join(obj, "^") = Join(var2, "^") Then
                equal = True
            Else
                equal = False
            End If
        Else
            If obj = var2 Then
                equal = True
            Else
                equal = False
            End If
        End If
    End Function
End Class
%>

Method 1:

I finally added an anti-hotlinking measure to the download system by putting the following code at the top of the download page:

<%
From_url = LCase(CStr(Request.ServerVariables("HTTP_REFERER")))
Serv_url = LCase(CStr(Request.ServerVariables("SERVER_NAME")))
' Compare each allowed host with a prefix of its own length, in lower case
If Mid(From_url, 8, Len(Serv_url)) <> Serv_url _
   And Mid(From_url, 8, Len("itstudy.cn")) <> "itstudy.cn" _
   And Mid(From_url, 8, Len("www.itstudy.cn")) <> "www.itstudy.cn" Then
    ' Anti-hotlink message: "The software you are downloading comes from IT学习网,
    ' please download it directly from the home page, thank you"
    Response.Write "您下载的软件来自IT学习网,请直接从主页下载,谢谢<br>"
    Response.Write "<a href=http://www.ITstudy.cn>IT学习网http://www.ITstudy.cn</a>"
    Response.End
End If
%>

Method 2:

<%
' Define a function that reads binary data with ADODB.Stream
Function ReadBinaryFile(FileName)
    Const adTypeBinary = 1
    Dim BinaryStream
    Set BinaryStream = CreateObject("ADODB.Stream")
    BinaryStream.Type = adTypeBinary
    BinaryStream.Open
    BinaryStream.LoadFromFile FileName
    ReadBinaryFile = BinaryStream.Read
    BinaryStream.Close
End Function
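
Response.AddHeader "Content-Disposition", "attachment;filename=2.gif"   ' file name
Response.ContentType = "image/GIF"   ' setting, see (1)
' Read the file stored locally, so that others cannot learn its real path and hotlink it
Response.BinaryWrite ReadBinaryFile(Server.MapPath("2.gif"))
%>

(1) The following examples set the ContentType property to other common values:

text/HTML: needs no explanation
image/GIF: GIF image
image/JPEG: JPG image
application/x-cdf: CDF document
application/wma: the WMA music type

For details, see your web browser's documentation or the current HTTP specification.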
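
Combined with ASP features such as session storage, cookies, and reading HTTP headers, this can fully implement anti-hotlinking. No caching is set up here; if traffic is heavy, I think adding it would be better.

Method 3:

The simplest way to use Active Server Pages to block off-site form submission, cross-site form submission, hotlinking, and so on.

Method: Request.ServerVariables("HTTP_REFERER")

Explanation: when someone reaches the current page through a link, HTTP_REFERER holds where that user came from.

Here is an example. It is very simple and only meant as a starting point; you can add more features. As shown below, the file content is visible only to visitors who first arrive from "http://www.ITstudy.cn".

Source: index.asp

<%
' Option Explicit and Response.Buffer must come before any HTML output
Option Explicit
Response.Buffer = True
%>
<html>
<head><title>最简单的用asp防盗链</title></head>
<body>
<% CheckUrl("http://ITstudy.cn/index.jsp") %>
<%
Function CheckUrl(url)
    Dim Where : Where = Request.ServerVariables("HTTP_REFERER")
    If Where = url Then
        Call main()
    Else
        ' "Sorry, you must come from <url> to get in!"
        Response.Write("很抱歉,您必须从" & url & "访问才能进来!")
    End If
End Function
%>
<%
Sub main()
    ' "This is the page content you want to show"
    Response.Write("这儿是你要显示的网页内容")
End Sub
%>
</body>
</html>

This method is fairly effective against hotlinked articles, off-site form submission, and cross-site form submission, but it does nothing against hotlinked software such as .rar, .zip, or .exe files. I wonder whether any readers have a good idea, heh.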
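
Another method is to compare the server's name with the address of the previous page.

<%
Dim from, local
from = Request.ServerVariables("HTTP_REFERER")
local = Request.ServerVariables("SERVER_NAME")
' Take Len(local) characters after "http://" and compare them with the server name
If Mid(from, 8, Len(local)) <> local Then
    Response.Write "不要从外部提交数据"   ' "Do not submit data from outside"
Else
    Call main()
End If

Sub main()
    ' your main content
End Sub
%>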
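
The Mid(referer, 8, ...) comparisons above assume an "http://" prefix and match any host that merely begins with the expected name. The following added example, which is not code from the original article, extracts the Referer host and compares it exactly against an allow-list; the names RefererHost and IsAllowedReferer and the allow-list entries are assumptions.

```vbscript
' Added example, not from the original article. Place inside <% ... %>.
' RefererHost, IsAllowedReferer and the allow-list contents are assumptions.

' Return the lower-case host of an http(s) URL, or "" for anything else.
Function RefererHost(ByVal refUrl)
    Dim rest, d
    RefererHost = ""
    refUrl = LCase(Trim(refUrl & ""))
    If Left(refUrl, 7) = "http://" Then
        rest = Mid(refUrl, 8)
    ElseIf Left(refUrl, 8) = "https://" Then
        rest = Mid(refUrl, 9)
    Else
        Exit Function
    End If
    ' Keep only the authority part: [userinfo@]host[:port]
    For Each d In Array("/", "?", "#")
        If InStr(rest, d) > 0 Then rest = Left(rest, InStr(rest, d) - 1)
    Next
    ' Drop userinfo, so "http://www.itstudy.cn@other.example/" yields other.example
    If InStrRev(rest, "@") > 0 Then rest = Mid(rest, InStrRev(rest, "@") + 1)
    ' Drop the port
    If InStr(rest, ":") > 0 Then rest = Left(rest, InStr(rest, ":") - 1)
    RefererHost = rest
End Function

' True only when the Referer host equals one allow-list entry exactly.
Function IsAllowedReferer(ByVal refUrl, ByVal allowedHosts)
    Dim host, h
    IsAllowedReferer = False
    host = RefererHost(refUrl)
    If host = "" Then Exit Function   ' missing or non-http Referer: reject
    For Each h In allowedHosts
        If host = LCase(h) Then
            IsAllowedReferer = True
            Exit Function
        End If
    Next
End Function

Dim allowed
allowed = Array("itstudy.cn", "www.itstudy.cn")
' Rejected by the exact match: http://www.itstudy.cn.other.example/page.htm
' Accepted although the scheme is https: https://www.itstudy.cn/down.asp
If Not IsAllowedReferer(CStr(Request.ServerVariables("HTTP_REFERER")), allowed) Then
    Response.Status = "403 Forbidden"
    Response.End
End If
```

GetWebData in the first listing sets its own Referer header, which shows that a scripted client can send any value it likes, so this check filters ordinary browser requests only.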